Methods, apparatus and data structures for segmenting customers using at least a portion of a layer 2 address header or bits in the place of a layer 2 address header
Abstract
Limiting or controlling access to various services thereby performing a firewall function. An access router may permit or deny a packet based on at least a portion of a unique bit string (or context information) which replaced layer 2 header information (e.g., the layer 2 (e.g., MAC) address). Further, a particular quality of service may be indicated by at least a part of the unique bit string (or context information). The service provided to a group of customers, that group of customers being defined by at least a portion of the unique bit string (or context information), may be monitored. Multicast groups may be supported by checking at least a part of the unique bit string (or context information) to determine whether or not a customer associated with that port is permitted to join the multicast group.
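The following sketch is an added example, not taken from the patent or from any product. It shows the permit/deny, service-level and monitoring decisions described in the abstract, each keyed on a portion of the bit string that replaced the layer 2 header. The 48-bit width, the upper-24-bit group field, the table contents and all names are assumptions for illustration.

```python
from dataclasses import dataclass

# Assumed layout (not specified on the page): a 48-bit context string sits
# where the MAC address used to be; its upper 24 bits identify the customer
# group and the lower 24 bits distinguish members of that group.
CONTEXT_BITS = 48
GROUP_BITS = 24

@dataclass(frozen=True)
class Packet:
    context: int    # bit string that replaced the layer 2 header
    service: str    # service the packet is trying to reach
    payload: bytes

def group_of(context: int) -> int:
    """Extract the group portion of the context bit string."""
    if not 0 <= context < (1 << CONTEXT_BITS):
        raise ValueError("context does not fit the assumed 48-bit field")
    return context >> (CONTEXT_BITS - GROUP_BITS)

# Constructed tables, keyed on the group portion only.
ACL = {0x00A001: {"internet", "voip"}, 0x00B002: {"internet"}}
SERVICE_LEVEL = {0x00A001: "gold"}      # every other group is best effort
MONITORED_GROUPS = {0x00B002}

def process(pkt: Packet, queues: dict, monitor: list) -> bool:
    """Mirror, permit/deny and enqueue one packet; return True if routed."""
    group = group_of(pkt.context)
    if group in MONITORED_GROUPS:
        # Design choice of this example: mirror before the access decision
        # so that denied attempts also reach the monitoring facility.
        monitor.append(Packet(pkt.context, pkt.service, bytes(pkt.payload)))
    # Default deny: unknown groups and unlisted services are not routed.
    if pkt.service not in ACL.get(group, set()):
        return False
    level = SERVICE_LEVEL.get(group, "best_effort")
    queues.setdefault(level, []).append(pkt)
    return True
```

Because every lookup uses only the group bits, one table entry covers all members of a customer group regardless of the packet contents.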
30 Claims
1. A method for provisioning services to packets sourced from a number of client devices, the method comprising:
a) accepting a packet sourced from one of a number of client devices, wherein the packet has had at least a part of a layer 2 header replaced with a unique bit string that is independent of any contents of the packet,
b) determining whether or not the packet is entitled to access a particular service using at least a portion of the unique bit string; and
c) if it is determined that the packet is entitled to access the particular service, then routing the packet.
Dependent claims: 2, 3, 4, 16, 25, 26

5. A method for providing various quality of service levels to packets sourced from a number of client devices, the method comprising:
a) accepting a packet sourced from one or a number of client devices, wherein the packet has had at least a part of a layer 2 header replaced with a unique bit string that is independent of any contents of the packet;
b) determining a service level to which the packet is entitled using at least a portion of the unique bit string; and
c) forwarding the packet to a particular one of a plurality of queues associated with the service level determined.
Dependent claims: 6, 7, 8, 17, 27, 28

9. A method for monitoring packets sourced from a group of client devices defining a subset of client devices, each of the packets having at least a part of a layer 2 header replaced with a unique bit string, the method comprising:
a) determining whether or not the packet belongs to the group of client devices using at least a portion of the unique bit string; and
b) if it is determined that the packet does belong to the group of client devices, then
   i) copying the packet to generate a duplicate packet, and
   ii) forwarding the duplicate packet to a monitoring facility, wherein the monitoring facility monitors at least one of (A) service provided to a group of customers, and (B) security.
Dependent claims: 10, 11, 12, 18, 19

13. An apparatus for provisioning services to packets sourced from a number of client devices, each of the packets having at least a part of a layer 2 header replaced with a unique bit string, the apparatus comprising:
a) an access control list; and
b) an access controller, the access controller including
   i) means for determining whether or not the packet is entitled to access a particular service using A) contents of the access control list, and B) at least a portion of the unique bit string, and
   ii) means for routing the packet only if it is determined that the packet is entitled to access the particular service.
Dependent claims: 20, 21

14. An apparatus for providing various service levels to packets sourced from a number of client devices, each of the packets having at least a part of a layer 2 header replaced with a unique bit string that is independent of contents of the packets, the apparatus comprising:
a) a plurality of queues, each of the plurality of queues associated with a particular service level;
b) a service level list; and
c) a service level controller, the service level controller including
   i) means for determining a service level to which the packet is entitled using A) contents of the service level list, and B) at least a portion of the unique bit string, and
   ii) means for forwarding the packet to the one of the plurality of queues associated with the quality of service level determined.
Dependent claims: 22

15. An apparatus for monitoring packets sourced from a group of client devices defining a subset of client devices, each of the packets having at least a part of a layer 2 header replaced with a unique bit string, the apparatus comprising:
a) a monitoring port for accepting packets of the group of client devices to be monitored;
b) means determining whether or not an accepted packet belongs to the group of client devices using at least a portion of the unique bit string; and
c) means for
   i) copying the accepted packet to generate a duplicate packet, and
   ii) forwarding the duplicate packet to the monitoring port so that at least one of (A) service to a group of customers, and (B) security, may be monitored if it is determined that the packet was sourced by a client device belonging to the group of client devices.
Dependent claims: 23, 24

29. A method for provisioning services to packets sourced from a number of client devices, the method comprising:
a) accepting a packet sourced from one of the number of client devices;
b) replacing at least a part of a layer 2 header of the packet with a unique bit string that is independent of any contents of the packet;
c) determining whether or not the packet is entitled to access a particular service using at least a portion of the unique bit string; and
d) if it is determined that the packet is entitled to access the particular service, then routing the packet.

30. A method for providing various quality of service levels to packets sourced from a number of client devices, the method comprising:
a) accepting a packet sourced from one of the number of client devices;
b) replacing at least a part of a layer 2 header of the packet with a unique bit string that is independent of any contents of the packet;
c) determining a service level to which the packet is entitled using at least a portion of the unique bit string; and
d) forwarding the packet to a queue associated with the service level determined.